Thursday, June 21, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts
Reporting Period: June 18, 2018 

On 18 June 2018, Wapack Labs identified 480 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 


Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: June 18, 2018

Wapack Labs identified connections from 59,299 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Thursday, June 14, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: June 11, 2018

Wapack Labs identified connections from 5,430 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts
Reporting Period: June 11, 2018 

On 11 June 2018, Wapack Labs identified 283 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 


Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM

Thursday, June 7, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: June 6, 2018

Wapack Labs identified connections from 879 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts
Reporting Period: June 6, 2018 

On 6 June 2018, Wapack Labs identified 192 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 


Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM

Sunday, June 3, 2018

Wapack Labs Sinkhole Blacklist

LP AMBER ANNOUNCEMENT:   
Reporting Period: May 30, 2018

Wapack Labs identified connections from 753 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 30, 2018 

On 30 May 2018, Wapack Labs identified 368 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 


Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM

Tuesday, May 29, 2018

Overcome Outdated Cyber Risk Processes & Compliance - Top 2 Events in Huntsville Alabama, Next Week

Huntsville, Alabama, is one of the nation's largest technological hubs. Home to Department of Defense organizations and civilian departments and agencies including DHS, NIST, NASA, TVA, NSA, and DOE. Looking for cyber risk and compliance solutions?  Next week there will be two cyber events, in Huntsville that will have the answers you are looking for:

National Cyber Summit, June 5-7, 2018

3rd Annual H2L & Wapack Labs 2018 Threat Symposium, June 5, 2018

Use the links above to register NOW for both of these events. Both offer a unique opportunity to network with your peers, find real solutions and learn new skills.


Highlights on the H2L & Wapack Labs Threat Symposium

  • KEYNOTE - Dr. Jim Armstrong |Former CIO of a Missile Defense Agency|
    Chinese Cyber Cycle & Technology Transfer Strategy
  • Stan Lozovsky |Vice President & COO, H2L Solutions, Inc.|
    Cyber in the National Guard
  • Jeff Stutzman, CISSP | Chief Intelligence Officer, Wapack Labs LLC|
    NIST Compliance
  • Jesse Burke | Advanced Cyber Analyst, Wapack Labs LLC|
    Weaponizing the Blockchain

See You There!

WWW.WAPACKLABS.COM

Wednesday, May 23, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 21, 2018 

On 21 May 2018, Wapack Labs identified 626 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM

Wapack Labs Sinkhole Blacklist


TLP AMBER ANNOUNCEMENT:   
Reporting Period: May 21, 2018

Wapack Labs identified connections from 818 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Friday, May 18, 2018

AndroidRAT: SpyNote


SpyNote is a free, Android RAT that establishes control over Android devices utilizing a user-friendly GUI. Key features include: view all messages, listen and record all audio, and query the phone location (GPS). 28 Samples have been identified In The Wild (ITW) with 1,334 known Command and Control Nodes, delivered by binding the payload to an existing Android Packages (APK) (i.e.: game, social media, or banking app). The apps are downloaded from the Google Play Store and can transmit Personally Identifiable Information (PII) from the infected device back to the threat actor’s server.


To read the full article and find an archive of related reporting can be found in READBOARD.


Wednesday, May 16, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: May 15, 2018
 
Wapack Labs identified connections from 713 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
 
This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 15, 2018 

On 15 May 2018, Wapack Labs identified 527 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 


Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM

Monday, May 7, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: May 7, 2018 

On 7 May 2018, Wapack Labs identified 59 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM



This TLP AMBER report is available only to Red Sky Alliance members.